[
https://issues.apache.org/jira/browse/TIKA-1766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14952277#comment-14952277
]
Nick Burch commented on TIKA-1766:
----------------------------------
I can't see any reference to the specified url in any of the currrent Tika pom
files - are you sure you've not changed something yourself?
As a general rule, projects pushing things to Maven Central aren't allowed to
reference external repositories anyway, so there shouldn't normally be any
external repo refs in any ASF pom files
> Insecure repository reference
> -----------------------------
>
> Key: TIKA-1766
> URL: https://issues.apache.org/jira/browse/TIKA-1766
> Project: Tika
> Issue Type: Bug
> Reporter: Ben McCann
> Labels: security
>
> This line should be https for security
> ./tika-parent/pom.xml:
> <url>http://jbig2-imageio.googlecode.com/svn/maven-repository/</url>
> See
> http://blog.ontoillogical.com/blog/2014/07/28/how-to-take-over-any-java-developer/
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
